Search String: Display: Description: Sort:

Results:

References: [ +subject:/^(?:^\s*(re|sv|fwd|fw)[\[\]\d]*[:>-]+\s*)*maybe\s+this\s+is\s+a\s+dumb\s+question\s*$/: 9 ]

Total 9 documents matching your query.

1. maybe this is a dumb question (score: 1)
Author: "Chris Barnes" <chris-barnes AT tamu DOT edu>
Date: Tue, 26 Aug 2003 10:34:49 -0500
One of my student workers - who happens to be setting up Amanda, recently came to me with a concern about how the backup/restore process handles soft links. I suspect that this is a non-issue in that
/usr/local/webapp/mharc-adsm.org/html/Amanda-Users/2003-08/msg00696.html (12,710 bytes)

2. Re: maybe this is a dumb question (score: 1)
Author: Jay Fenlason <fenlason AT redhat DOT com>
Date: Tue, 26 Aug 2003 12:08:50 -0400
Amanda doesn't do anything about this--it just calls the underlying backup mechanism (guntar or dump) to do the dirty work. It's up to the underlying backup mechanism to handle this. So the right peo
/usr/local/webapp/mharc-adsm.org/html/Amanda-Users/2003-08/msg00698.html (13,643 bytes)

3. Re: maybe this is a dumb question (score: 1)
Author: Jay Lessert <jayl AT accelerant DOT net>
Date: Tue, 26 Aug 2003 10:14:55 -0700
Chris, Give your student worker a cookie (or a beer if they're old enough). Though this isn't a new exploit technique, it sure looks to me like if one: - Uses 'program "DUMP"' - Uses amrecover Then y
/usr/local/webapp/mharc-adsm.org/html/Amanda-Users/2003-08/msg00700.html (12,824 bytes)

4. RE: maybe this is a dumb question (score: 1)
Author: "Jeremy L. Mordkoff" <jlm AT TataraSystems DOT com>
Date: Wed, 27 Aug 2003 13:33:01 -0400
My policy is to never restore files in place. I always restore to a temporary location and ask the owner to copy the file into place. That avoids any stickiness. I remember a case where someone asked
/usr/local/webapp/mharc-adsm.org/html/Amanda-Users/2003-08/msg00713.html (13,810 bytes)

5. Re: maybe this is a dumb question (score: 1)
Author: Jay Lessert <jayl AT accelerant DOT net>
Date: Wed, 27 Aug 2003 10:45:50 -0700
I agree that is a good practice (doesn't prevent Chris' student's proposed exploit, though). -- Jay Lessert jay_lessert AT accelerant DOT net Accelerant Networks Inc. (voice)1.503.439.3461 Beaverton
/usr/local/webapp/mharc-adsm.org/html/Amanda-Users/2003-08/msg00714.html (11,563 bytes)

6. Re: maybe this is a dumb question (score: 1)
Author: "Chris Barnes" <chris-barnes AT tamu DOT edu>
Date: Wed, 27 Aug 2003 12:54:12 -0500
Actually, I think it might. If we restore to a temporary location, then the /etc/passwd (from my previous example) won't be overwritten. The malicious user couldn't move it manually (since they would
/usr/local/webapp/mharc-adsm.org/html/Amanda-Users/2003-08/msg00716.html (12,135 bytes)

7. Re: maybe this is a dumb question (score: 1)
Author: Jay Lessert <jayl AT accelerant DOT net>
Date: Wed, 27 Aug 2003 12:28:01 -0700
Chris, I don't remember your exact example, but not in all cases (unless I'm missing something obvious...): cd /home/joebob/src ln -s /bin sleep 86400 rm bin mkdir bin cp -p /home/joebob/bin/my_ls bi
/usr/local/webapp/mharc-adsm.org/html/Amanda-Users/2003-08/msg00724.html (12,617 bytes)

8. Re: maybe this is a dumb question (score: 1)
Author: "Chris Barnes" <chris-barnes AT tamu DOT edu>
Date: Wed, 27 Aug 2003 17:35:13 -0500
Not if I restore each incremental into a different temp directory /home/joebob/restore1/src (the softlink) /home/joebob/restore2/src (the directory containing ls) It is then up to the user to move th
/usr/local/webapp/mharc-adsm.org/html/Amanda-Users/2003-08/msg00727.html (12,399 bytes)

9. Re: maybe this is a dumb question (score: 1)
Author: Jon LaBadie <jon AT jgcomp DOT com>
Date: Thu, 28 Aug 2003 12:09:22 -0400
I missed the first couple of articles on this thread so I don't have them to quote, sorry. I read them on the archive at yahoo though. I expectantly await J. Fennalson's investigation. May even try m
/usr/local/webapp/mharc-adsm.org/html/Amanda-Users/2003-08/msg00738.html (13,977 bytes)

Current List: 1 - 9
Page: [1]
This search system is powered by Namazu